#!/bin/sh /etc/rc.common
. /lib/functions/network.sh

START=50

del_guest_wifi_cfg() {
	uci -q batch <<-EOF >/dev/null
		delete network.${interface_name}
		delete wireless.${interface_name}
		delete dhcp.${interface_name}
		delete firewall.${interface_name}_zone
		delete firewall.${interface_name}_fwd
		delete firewall.${interface_name}_dns_rule
		delete firewall.${interface_name}_dhcp_rule
		delete firewall.${interface_name}_hide_rule
		set guest-wifi.config.create='0'
	EOF
}

add_interface() {
	uci -q batch <<-EOF >/dev/null
		set network.${interface_name}=interface
		set network.${interface_name}.proto='static'
		set network.${interface_name}.ipaddr="$interface_ip"
		set network.${interface_name}.netmask='255.255.255.0'
	EOF
}

add_ssid() {
	local encryption_setting=
	[ "$encryption" != "none" ] &&
		encryption_setting="set wireless.${interface_name}.key=\"$passwd\""

	uci -q batch <<-EOF >/dev/null
		set wireless.${interface_name}=wifi-iface
		set wireless.${interface_name}.device="$device"
		set wireless.${interface_name}.mode='ap'
		set wireless.${interface_name}.network="${interface_name}"
		set wireless.${interface_name}.ssid="$wifi_name"
		set wireless.${interface_name}.encryption="$encryption"
		set wireless.${interface_name}.isolate="$isolate"
		set wireless.${interface_name}.disabled='0'
		$encryption_setting
	EOF
}

mod_dhcp() {
	uci -q batch <<-EOF >/dev/null
		set dhcp.${interface_name}=dhcp
		set dhcp.${interface_name}.interface="${interface_name}"
		set dhcp.${interface_name}.start="$start"
		set dhcp.${interface_name}.limit="$limit"
		set dhcp.${interface_name}.leasetime="$leasetime"
	EOF
}

mod_fw() {
	local lan_subnet
	network_flush_cache
	network_get_subnets lan_subnet 'lan'

	uci -q batch <<-EOF >/dev/null
		set firewall.${interface_name}_zone=zone
		set firewall.${interface_name}_zone.name="${interface_name}"
		set firewall.${interface_name}_zone.network="${interface_name}"
		set firewall.${interface_name}_zone.forward='REJECT'
		set firewall.${interface_name}_zone.output='ACCEPT'
		set firewall.${interface_name}_zone.input='REJECT'

		set firewall.${interface_name}_fwd=forwarding
		set firewall.${interface_name}_fwd.src="${interface_name}"
		set firewall.${interface_name}_fwd.dest='wan'

		set firewall.${interface_name}_dns_rule=rule
		set firewall.${interface_name}_dns_rule.name="Allow DNS Queries for $wifi_name"
		set firewall.${interface_name}_dns_rule.src="${interface_name}"
		set firewall.${interface_name}_dns_rule.dest_port='53'
		set firewall.${interface_name}_dns_rule.proto='tcpudp'
		set firewall.${interface_name}_dns_rule.target='ACCEPT'

		set firewall.${interface_name}_dhcp_rule=rule
		set firewall.${interface_name}_dhcp_rule.name="Allow DHCP request for $wifi_name"
		set firewall.${interface_name}_dhcp_rule.src="${interface_name}"
		set firewall.${interface_name}_dhcp_rule.src_port='67-68'
		set firewall.${interface_name}_dhcp_rule.dest_port='67-68'
		set firewall.${interface_name}_dhcp_rule.proto='udp'
		set firewall.${interface_name}_dhcp_rule.target='ACCEPT'

		set firewall.${interface_name}_hide_rule=rule
		set firewall.${interface_name}_hide_rule.enabled='1'
		set firewall.${interface_name}_hide_rule.name="Hide My LAN for $wifi_name"
		set firewall.${interface_name}_hide_rule.proto='all'
		set firewall.${interface_name}_hide_rule.src="${interface_name}"

		set firewall.${interface_name}_hide_rule.dest_ip="$lan_subnet"
		set firewall.${interface_name}_hide_rule.target='REJECT'
	EOF
}

guest_wifi_config() {
	mkdir -p /var/lock
	lock /var/lock/guest-wifi.lock

	local interface_name enabled wifi_name encryption passwd interface_ip isolate start limit leasetime device create

	interface_name="guest"
	config_load guest-wifi
	config_get_bool enabled config enabled 0
	config_get wifi_name config wifi_name "Guest-WiFi"
	config_get encryption config encryption "psk2"
	config_get passwd config passwd "guestnetwork"
	config_get interface_ip config interface_ip "192.168.4.1"
	config_get_bool isolate config isolate 1
	config_get start config start 50
	config_get limit config limit 200
	config_get leasetime config leasetime "1h"
	config_get device config device "radio0"
	config_get_bool create config create 0

	if [ "$enabled" -eq 0 ]; then
		if [ "$create" -eq 1 ]; then
			del_guest_wifi_cfg
		else
			[ "$(uci -q get wireless.${interface_name}.disabled)" -eq 0 ] &&
				uci -q set wireless.${interface_name}.disabled='1'
		fi
	elif [ "$enabled" -eq 1 ]; then
		[ "$create" -eq 1 ] && {
			del_guest_wifi_cfg
			add_interface
			add_ssid
			mod_dhcp
			mod_fw
		}
		[ "$(uci -q get wireless.${interface_name}.disabled)" -eq 1 ] &&
			uci -q set wireless.${interface_name}.disabled='0'
	fi
	uci commit
	wifi reload
	lock -u /var/lock/guest-wifi.lock
}

boot() {
	exit 0
}

start() {
	guest_wifi_config
}

stop() {
	exit 0
}

restart() {
	start
}
